mirror of https://github.com/arendst/Tasmota.git
Merge pull request #3967 from blenk92/development
Fix XSS-Vulnerability in configuration page
This commit is contained in:
commit
42e8b193f7
|
@ -789,6 +789,17 @@ void HandleWifiConfiguration()
|
||||||
HandleWifi(false);
|
HandleWifi(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String htmlEscape(String s)
|
||||||
|
{
|
||||||
|
s.replace("&", "&");
|
||||||
|
s.replace("<", "<");
|
||||||
|
s.replace(">", ">");
|
||||||
|
s.replace("\"", """);
|
||||||
|
s.replace("'", "'");
|
||||||
|
s.replace("/", "/");
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
|
||||||
void HandleWifi(boolean scan)
|
void HandleWifi(boolean scan)
|
||||||
{
|
{
|
||||||
if (HttpUser()) { return; }
|
if (HttpUser()) { return; }
|
||||||
|
@ -854,7 +865,7 @@ void HandleWifi(boolean scan)
|
||||||
String item = FPSTR(HTTP_LNK_ITEM);
|
String item = FPSTR(HTTP_LNK_ITEM);
|
||||||
String rssiQ;
|
String rssiQ;
|
||||||
rssiQ += quality;
|
rssiQ += quality;
|
||||||
item.replace(F("{v}"), WiFi.SSID(indices[i]));
|
item.replace(F("{v}"), htmlEscape(WiFi.SSID(indices[i])));
|
||||||
item.replace(F("{w}"), String(WiFi.channel(indices[i])));
|
item.replace(F("{w}"), String(WiFi.channel(indices[i])));
|
||||||
item.replace(F("{r}"), rssiQ);
|
item.replace(F("{r}"), rssiQ);
|
||||||
uint8_t auth = WiFi.encryptionType(indices[i]);
|
uint8_t auth = WiFi.encryptionType(indices[i]);
|
||||||
|
|
Loading…
Reference in New Issue